[devel] [Fwd: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability]

[Anton Farygin]

Мне кажется стоит в ядро патч включить.

Rgds
Anton


-------- Original Message --------
Subject: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability
Date: Sat, 10 Feb 2001 10:28:01 +0100
From: Florian Weimer <Florian.Weimer на RUS.UNI-STUTTGART.DE>
Reply-To: Florian Weimer <Florian.Weimer на RUS.UNI-STUTTGART.DE>
To: BUGTRAQ на SECURITYFOCUS.COM
References:
<Pine.LNX.4.30.0102091259040.32418-100000 на ferret.lmh.ox.ac.uk>

Chris Evans <chris на SCARY.BEASTS.ORG> writes:

> There exists a Linux system call sysctl() which is used to query and
> modify runtime system settings. Unprivileged users are permitted to query
> the value of many of these settings.

It appears that all current Linux kernel version (2.2.x and 2.4.x) are
vulnerable.  Right?

Was it really necessary to release this stuff just before the weekend?

The following trivial patch should fix this issue. (I wonder how you
can audit code for such vulnerabilities.  It's probably much easier to
rewrite it in Ada. ;-)

--- sysctl.c    2001/02/10 09:42:12     1.1
+++ sysctl.c    2001/02/10 09:42:26
@@ -1123,7 +1123,7 @@
                  void *oldval, size_t *oldlenp,
                  void *newval, size_t newlen, void **context)
 {
-       int l, len;
+       unsigned l, len;

        if (!table->data || !table->maxlen)
                return -ENOTDIR;

--
Florian Weimer 	                  Florian.Weimer на RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
_______________________________________________
Devel mailing list
Devel на linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel